From: Martin Mares
Date: Sat, 5 Nov 2016 19:20:00 +0000 (+0100)
Subject: Implemented probation
X-Git-Tag: v1.0~9
X-Git-Url: http://mj.ucw.cz/gitweb/?a=commitdiff_plain;h=ec7fc31466ea0efaaf73c9b5ec648b4764c6005e;p=bouncer.git
Implemented probation
---
diff --git a/TODO b/TODO
index 4745a25..f992cea 100644
--- a/TODO
+++ b/TODO
@@ -1,5 +1,6 @@
 - location of default config file
 - configurable names of PAM modules
+- per-account weights
 Doc:
 - ipset create bouncer4 hash:ip family inet
diff --git a/bouncer.c b/bouncer.c
index 41f85ea..a74e549 100644
--- a/bouncer.c
+++ b/bouncer.c
@@ -92,6 +92,7 @@ static uns max_suspect_time = 86400;
 static uns max_banned_time = 86400;
 static uns max_suspects = ~0U;
 static uns max_banned = ~0U;
+static uns probation;
 static char *ipv4_set;
 static char *ipv6_set;
 static char *config_log_stream;
@@ -104,6 +105,7 @@ static struct cf_section bouncer_cf = {
 CF_UNS("MaxSuspectTime", &max_suspect_time),
 CF_UNS("MaxBannedTime", &max_banned_time),
 CF_UNS("MaxFailures", &max_failures),
+ CF_UNS("Probation", &probation),
 CF_STRING("IPv4Set", &ipv4_set),
 CF_STRING("IPv6Set", &ipv6_set),
 CF_STRING("LogStream", &config_log_stream),
@@ -271,25 +273,38 @@ static void cleanup_list(clist *list, uns *counter, timestamp_t max_time, uns ma break; } + clist_remove(&c->n); + (*counter)--; + if (c->banned) { msg(L_INFO, "Unbanning %s", AFMT(c->addr)); is_modify(0, c->addr); + if (probation) + { + c->banned = 0; + c->last_fail = now; + c->fail_count = max_failures - probation; + clist_add_tail(&suspect_list, &c->n); + num_suspects++; + msg(L_DEBUG, "Suspect %s: probation, failures=%u", AFMT(c->addr), c->fail_count); + } + else + culprit_remove(c); } else - msg(L_DEBUG, "Suspect %s: acquitted", AFMT(c->addr)); - - clist_remove(&c->n); - culprit_remove(c); - (*counter)--; + { + msg(L_DEBUG, "Suspect %s: acquitted", AFMT(c->addr)); + culprit_remove(c); + } } } static void culprit_cleanup(void) { timestamp_t next_cleanup = main_get_now() + (timestamp_t)3600 * 1000; - cleanup_list(&suspect_list, &num_suspects, (timestamp_t)max_suspect_time * 1000, max_suspects, &next_cleanup); cleanup_list(&banned_list, &num_banned, (timestamp_t)max_banned_time * 1000, max_banned, &next_cleanup); + cleanup_list(&suspect_list, &num_suspects, (timestamp_t)max_suspect_time * 1000, max_suspects, &next_cleanup); timer_add(&cleanup_timer, next_cleanup); } diff --git a/config b/config index e8303b6..e3c9873 100644 --- a/config +++ b/config @@ -9,11 +9,15 @@ MaxFailures 10 # When a suspect address generates no more failure for this many seconds, # it is forgotten. -MaxSuspectTime 300 +MaxSuspectTime 600 # Bans are lifted after this many seconds. MaxBannedTime 3600 +# When a ban is lifted, the address is again considered suspect +# and its number of failures is set to MaxFailures - Probation (0=disable). +Probation 2 + # Limit on the number of suspect addresses and bans we keep in memory MaxSuspects 1000 MaxBanned 1000
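Review bot: `c->fail_count = max_failures - probation;` in the probation branch subtracts two `uns` values, so a configuration with Probation larger than MaxFailures wraps to a count near UINT_MAX instead of being rejected. What the wrapped count does depends on the ban comparison, which is outside this hunk: a `>=` test would re-ban on the very next failure, while an equality test would leave the address unbannable until the suspect entry expires. Neither the `CF_UNS("Probation", &probation)` registration in the earlier bouncer.c hunk nor this code bounds the value, so I would clamp it here with `c->fail_count = (probation < max_failures) ? max_failures - probation : 0;`, or refuse Probation > MaxFailures when the config is loaded. The sample config comment could also state that Probation is the number of further failures tolerated after a ban is lifted and must not exceed MaxFailures. cleanup_list begins before this hunk, so the declaration of `now` and the loop around this code are not visible here.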